Ransomware, the reoccurring revenue model for cybercriminals

Ransomware will make even the most experienced IT professional shiver.. Let’s say you woke up feeling refreshed and have a perfect commute into work, Life is good then when you walk through the office door one of your team walks up to you and tells you that one of your sites has been hit with ransomware and everything is encrypted. (that’s a Holy Crap Moment – Day ruined ).

Hopefully, in this situation, you have isolated segments of your networks and backups are all UpToDate (and on one of those isolated segments) so that you can recover with minimal data loss. Here’s a scary statistic about backups – only one-third of SME's indicate that they continuously backup their systems. That is bad but let’s add in some statistics about cybersecurity incidents.

One in ten SMB’s have been affected by ransomware and 516,380 SMB's fell victim to a cyber incident in 2017. This figure is sure to be rising over the last 12 months, as the notification of breaches is constant, and it is almost impossible to go through a week without hearing about one form of a breach or another. Let’s add in the average amount that the majority of SME’s would need to pay in ransom to unlock their encrypted data, $4677.

Even if only 25% (129,095) of those victims paid the ransom it would equate to $603,777,315. That kind of figure would certainly fund a couple of mansions on the beach in different sunny islands around the world. What about a Ferrari as well at each location in a couple of different colours so you can choose your ride depending on your mood? Sounds awesome, doesn't it?  I am sure that there are plenty of non-extradition countries that could meet your needs.

The proceeds are an estimate and could be much higher, however, it would be split between thousands of cybercriminals, so the mansions and Ferraris may have to wait but even $300K-$500K annual income would be a decent salary. Invest that back into some legitimate income sources and you could, in the end, afford the desired fancy cars or estates (that is if you are not caught or accidentally travel to a country that has an extradition treaty – then you may lose it all).

Why is Ransomware so popular? Simply put it is the cybercriminals reoccurring revenue model. Look at it in the light of office 365 for Microsoft, Microsoft will sell you 200 licences for office 365 and provide you access to the email hosting services for $17 + a month per user. They already own the platforms, it doesn’t cost them anything further to provide it to you and they continually earn money from it. Smaller payday initially but long term they will make a killing from it. 

If we go back to look at ransomware, a malicious actor will develop a ransomware virus which could take a few months to get right if they are a skilled operator or possibly they may just buy it from another party at a fee (price will depend on how good it is and if it has been seen before). Once they release the ransomware bug they will just start to receive payments from their victims and all they will need to do is provide unlock keys and move around their money, so it is harder to track.

After the initial costs, they will get a constant revenue for very little effort, let’s say the bug stays effective for a 2-year period that is a good return on investment no matter how you look at it. It may even continue to earn income for years like some of the more successful variants to date.

I hear peers say that ransomware will soon be a thing of the past, but I really don’t think it will, why would it be? If this reoccurring revenue model that is ransomware can continue to generate money, why would malicious actors stop using it? Even if they diversify and do some good old-fashioned hacking and sell stolen data or credentials on the black market or build a network of crypto minor zombie machines it just makes sense that if it still brings in more than it costs to run then they will continue to ride the gravy train we call ransomware. So, in my opinion, it will still give me that shuddering feeling for many more years to come, until they develop something else that creeps in the dark and keeps us awake at night.

That’s a terrifying thought - what could be worse than Ransomware?

As always tell me what you think, disagree, tell me what is going to keep you awake at night? Whatever it is I am sure we will all be in the same boat, so let’s work together and find a way to make all of our systems safer, Cybersecurity is not a one man/woman fight it is something we all need to band together to enable us to succeed.

Till next time.